Sun Tzu 2.0: Is CyberWar the new Warfare?

Uploaded on 2015-08-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

QinChineseQuotesArtofWarA640x640.jpg

 

For better or worse, the multitude of networks that help keep our world interconnected is a much different place today than it was in the past. Paradoxically, the networks that provide users with a wealth of information, transactional services and the like have also been used as a battlefield to disrupt our everyday lifestyle. From obtaining general information to managing online financial portfolios to purchasing flight tickets, there has been a groundswell of disruption to access these channels.

This year alone, these major cyber events have taken place:

January 2015: Pro Russian Hackers claim success in taking down German Chancellor’s website.

February 2015: Dutch government websites go down for more than 12 hours and cite DDoS attacks as the cause.

March2015: South Korea issues a report blaming North Korea for cyber-attacks on nuclear and water power plants.

April 2015: Group Anonymous kicks off #OpIsrael by attacking all Israeli-owned cyber assets.

May 2015: Germany’s Parliament confirms sophisticated cyber-attacks on their institution.

June 2015: Security researchers reveal that Southeast Asian Governments were hit by Operation Lotus Blossom. These attacks included sophisticated intrusions.

July 2015: A major US air carrier and stock exchange stops operating for several hours citing operational problems; however, numerous questions linger about the severity and consequences of such events.

Cyberwar and its ramifications have been debated for some time and the issue has been wrought with controversy. Few would argue that cyber-attacks are not prevalent in cyberspace. However, does it amount to a type of warfare? Are we in a cyberwar?

Let’s break this down by drawing parallels from a treatise by 6th century military general, Sun Tzu, who authored one of the most definitive handbooks on warfare, “The Art of War.” His writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

There are 13 elements that Sun Tzu uses to define warfare. Here are five noteworthy elements that relate to our question about cyberwar.

Element 1: The Army on the March

Sun Tzu suggests that for there to be a war, there needs to be an army on the march. This idea stems from the idea that to gain geo-political advantage, there must be an adversary to march against you.

This notion of coordination and focus is applicable to modern day cyber-attacks. And it is accepted in risk circles that there are a number of motives, which can contribute to these mass, focused attacks. One example of this is Operation Ababil. This cyber-attack lasted close to two years from 2012-2014 and targeted banks and financial institutions in the US It was purported to have originated from Iranian-backed cyber attackers who wanted to exert geo-political pressure on Western countries to ease sanctions.

Other examples exist such as the much heralded, attacks on Israel during various Gaza conflicts and those documented between Russia and the Ukraine and Russia and Georgia. Just like the Cold War was an abstract concept in which invisible hands seemed to drive motives and influence, the notion of today’s cyberwar has transcended, in many cases, to nation-state sponsorship.

Element 2: Variation of Tactics

Sun Tzu suggests that for warfare to exist the intended target must stay the same. However, tactics will change to gain more effect or efficacy. Sun Tzu also states that until the aggressor has achieved their results or has lost the will to fight, they will continue to fight endlessly and will randomize tactics within the battles themselves.

One can ask, does the current world of multi-vectored attacks seem more like warfare or a schoolyard brawl? If it were a brawl, one could assume that when emotions cooled, sounder times would prevail. However, if it is warfare, according to Sun Tzu, the attacks pervade. And right now, we see no end of cyber-attacks in sight. 

Element 3: The Use of Intelligence

Sun Tzu suggests the adversary who gains unique insight into their adversaries’ weaknesses and strengths holds the advantage in the battle therein. 

During the two decades I’ve spent in the information security space, there is no precedent, requiring companies to arm themselves with ‘intelligence.’ In the past, the term intelligence was largely reserved for nation-state activities to further knowledge in pursuit of geo-political gain. However, there is an ever increasing, call for companies to be armed with unique information on changing threats and retain that capability within their companies.

Element 4: Illusion vs. Reality

According to Sun Tzu, wars are won by perception alone. He suggests that the key in both waging war and winning war is in the finer elements of destroying an adversary’s will to fight. He also suggests that kinetic engagement is often a futile effort in destroying the will of an adversary. The victor will be he who plants the perception in the minds of the combatants that their resistance will be futile. This is imperative.

This is an essential part of warfare – combatants create psychological messaging and leverage alliances and influencers to conduct warfare. The resulting ‘image’ created from those efforts are sometimes far from the reality, yet necessary for adversaries to win wars. Given this, we have witnessed concerted efforts by today’s cyber-attackers (Anonymous Operations, LulzSec, and many more) to exact a mental toll on their intended victims even before a single attack is hurled.

Often times even just the threat of attacks can result in the aggressor gaining their concessions from their targeted victims. These efforts are now spilling over to geo-political threats on everything from the financial sectors to critical infrastructure.

Element 5: Laying Plans

Sun Tzu argues that to be the victor in warfare one must lay plans for the victory. He suggests that the most successful defense and offense of a military is achieved first through professional planning.

Before our eyes we are witnessing a dramatic change in nation-states standing up legions of newly organized Cyber warfare centers, which are designed to organize, train and equip the next generation warrior. Moreover, there is an equally impressive effort on behalf of transnational actors (e.g. Al-Qaida, ISIS, Group Anonymous, and numerous other groups) who don’t call a nation-state home. Nevertheless, they have built impressive capabilities to exact their will on others through training camps and fielding armories of newly developed weapons. Today’s threat landscape is moving quickly with offensive weapons being fielded routinely as well as innovative new ways to exploit old vulnerabilities via the use of professional planning and training.

The changes in the threat landscape and the documented attacks are more akin to warfare than random acts of thuggery. Although many of these attacks are not directed in a coordinated manner with a central authority, tactics and means often lead like-minded organizations to band together. Could this possibly be the next step in the evolution of this type of warfare?

Should this environment manifest to an all-out warfare, serious questions may arise. How capable are we to protect human safety in transportation systems? Can the integrity of our financial sector be preserved? Will the quality and the sanctity of our way of life remain preserved by of our political and governing systems? If we are not capable – what measures need to be implemented in order to protect these interests? 

Hopefully, we can abate these threats and take back the upper hand in this electronic “Sun Tzu 2.0” warfare.
Ein News: http://bit.ly/1TBm6So

 

« Hacking Critical Infrastructure: How-To Guide
When Your White Hat Is Really a Black Hat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Veracode

Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications.

Cybereason

Cybereason

Cybereason provides attack protection with cutting edge EDR and XDR, and industry recognized consulting services to support organizations throughout any stage of the incident lifecycle.

Prim'X Technologies

Prim'X Technologies

Prim'X Technologies provides information protection solutions to prevent unauthorised access to sensitive data.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.